[Klug-general] Multiple routes out

Peter Childs pchilds at bcs.org
Mon Dec 6 17:02:10 UTC 2010


On 6 December 2010 16:27, Alan Buchel <alan at communitytechnology.org.uk> wrote:

> Hi All,
>
> I have a slightly complicated situation with a routing requirement, have
> RTFM'd till my brain hurts and hope someone can help...
>
> We have a Server inside a private network which routes out through a WLAN
> switch as its main uplink to the internet. It syncs with other servers over
> this network. For reasons beyond my control, the server is only allowed 1 IP
> address. Now we want to expose some of the services on this server such as
> www (80) to the outside world via a broadband line, and such a facility is
> unavailable via the WLAN.
>
> So I thought: just put in a smoothwall box, RED NIC on the ADSL, GREEN on
> the same IP subnet as the Server, forward the required ports to Server and
> job done. Oh no, not a bit...
>
> While the server WILL respond to www requests (like wget and telnet)
> directly FROM the smoothwall box, it will not respond to www requests that
> come from clients on the RED side of smoothwall. The port forwarding on the
> smoothie works fine, and I know this is so because if I set the default
> gateway for the Server to be that of the Smoothwall GREEN, then the port
> forward works just fine...
>


Sounds like a problem with the Smoothwall Box.

You need to check the port forwarding from the Red NIC to the Green. Just
because the IP Masquerading works does not mean that the port forwarding is
correct.  You need an extra rule in IP Tables to do that. Nothing you
write to route will change anything; you need to set the iptables rules
correctly.

I've not used Smoothwall but I could probably come up with an IP tables rule
to do that with a bit of work, but I'm guessing Smoothwall might well have a
User Interface to do it in...

Hope that at least gives you some ideas.

Peter.


>
> So I guess the problem is with routing, we need to figure out how to tell
> the server to use SMOOTHWALL GREEN as the gateway for requests coming from
> SMOOTHWALL GREEN and to use WLAN for the rest.
>
> Does anyone have any ideas how to go about this, or have another idea on
> how to achieve what we need? (have been trying route add -net %$^%^&%^&
> till I am blue in the face and mostly only seeing syntax errors)
>
> Alan
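
Added example, not part of either poster's message: a small Python model of the reply path discussed in this thread, reproducing the reported behaviour (works from the Smoothwall itself or with the Smoothwall as default gateway, fails otherwise) and showing the effect of source NAT on the GREEN side. All addresses are constructed, and the SNAT rule in the comment is generic iptables syntax assumed for illustration, not a Smoothwall setting from the thread.

```python
import ipaddress

# Constructed addresses (assumptions for illustration, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
SERVER, WLAN_GW, SW_GREEN = "192.168.1.10", "192.168.1.1", "192.168.1.254"
SW_RED, CLIENT = "203.0.113.1", "198.51.100.7"


def next_hop(dst, default_gw):
    """Server routing: on-link destinations go direct, the rest to the default gateway."""
    return dst if ipaddress.ip_address(dst) in LAN else default_gw


# snat_on_green models one extra rule on the firewall (assumed, generic iptables):
#   iptables -t nat -A POSTROUTING -o <green-if> -d <server> -p tcp --dport 80
#            -j SNAT --to-source <green-ip>
def trace(origin, default_gw, snat_on_green=False):
    """Follow one request to SERVER:80 and report where the reply goes."""
    local = origin == SW_GREEN            # wget/telnet run on the Smoothwall box itself
    target = SERVER if local else SW_RED  # address the requester connected to
    # Forward path: DNAT on RED rewrites dst to SERVER; SNAT (if any) rewrites src.
    seen_src = SW_GREEN if (local or snat_on_green) else origin
    # The server answers the source address it saw.
    reply_src, reply_dst = SERVER, seen_src
    hop = next_hop(reply_dst, default_gw)
    if hop == SW_GREEN and not local:
        # Reply crosses the firewall holding the connection state: NAT is undone.
        reply_src, reply_dst = SW_RED, origin
    # Otherwise the reply leaves via the WLAN uplink, which has no state for this
    # flow, so it can never arrive at the client with SW_RED as its source.
    return {"via": hop, "delivered": (reply_src, reply_dst) == (target, origin)}


if __name__ == "__main__":
    for label, args in [
        ("from Smoothwall itself", (SW_GREEN, WLAN_GW)),
        ("outside client, default gw = WLAN", (CLIENT, WLAN_GW)),
        ("outside client, default gw = Smoothwall GREEN", (CLIENT, SW_GREEN)),
        ("outside client, default gw = WLAN, SNAT on GREEN", (CLIENT, WLAN_GW, True)),
    ]:
        print(f"{label}: {trace(*args)}")
```

With the SNAT rule, every forwarded request reaches the server with the Smoothwall GREEN address as its source, so the server's access logs and any address-based access controls no longer see the real client.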